Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

ANI Exploit Tied to Hacked Super Bowl Site

The same script that planted malicious code last month on the Super Bowl site is responsible for the zero-day animated cursor file exploit on Windows XP SP2. McAfee uncovered the exploit, which preys on an unpatched vulnerability in Windows ANI files, earlier this week.

Websense discovered in February that the official Web site of Dolphin Stadium, which hosted Super Bowl XLI, had been compromised and was serving up malicious code. The attack affected thousands of sites, according to Websense, infecting them with a script.

Last month, Websense reported that the official Web site of Dolphin Stadium, host of Super Bowl XLI, was compromised and was serving up malicious code. In fact, Websense said, the site was the staging ground for a massive attack that affected thousands of Web sites. Those sites were injected with a JavaScript file that had been inserted into the header of the front page of the Dolphin Stadium's site.

The code, hidden under the file name "w1c.exe," planted a Trojan and a keylogger, opening up sites to allow a rogue hacker to track and record keyboard strokes in order to steal credit card, Social Security or other user information.

That Super Bowl site exploit exploited two known vulnerabilities: MS06-014 in MDAC and MS07-004 in vector markup language.

That same script is now serving up the ANI file zero-day.

According to Websense, Googling the referenced script yields 113,000 results. "It's likely that most of those sites were compromised through SQL injection vulnerabilities," the security company says on its site. "Of course many of these sites have been cleaned up, malicious references removed, but not all."